New Report: Snowden Revelations Hurt U.S. Companies

It’s been a persistent question ever since Edward Snowden revealed the National Security Agency’s expansive spying operations just over a year ago: Have the disclosures damaged U.S. interests?

A new report by the nonpartisan New America Foundation surveyed the revelations’ impact on U.S. businesses. The authors found that the resulting erosion of trust is having serious consequences for U.S. technology firms and for U.S. credibility around the world.

Summarizing the research to date, the report notes a widely cited 2013 paper by the Information Technology & Innovation Foundation, a business-friendly think tank, which found that the revelations could cost the U.S. cloud computing industry between $22 and $180 billion by 2016. A more recent survey of 300 British and Canadian multinational companies found that a quarter of respondents were moving their data outside the U.S., and the overwhelming majority was willing to sacrifice access speed for security. A March 2014 survey of 1,000 information-technology executives in France, Hong Kong, Germany, the United Kingdom and the U.S. found that the Snowden leaks “had a direct impact on how companies around the world think about information and communication technologies and cloud computing in particular.”

Individual companies, which originally were reticent to discuss damage to their bottom line, have come forward one by one. In November 2013, Cisco was among the first to say that an expected 10% drop in quarterly revenue was due, in part, to fallout from the Snowden affair. Qualcomm, International Business Machines, Microsoft, and Hewlett-Packardhave reported diminished sales in China as a result of the revelations, the report says. Servint, a Virginia-based web-hosting company, reported in June that international revenue had been cut in half since the disclosures began.

The Snowden documents also may have prompted foreign countries to deny large contracts to U.S. companies. In June, the German government announced that it intended to cancel its contract with Verizon, which provides Internet services to some German agencies, due to the company’s cooperation with the NSA. Brazil, which has had a heated debate over the NSA’s activities, passed over Boeing last December to award a coveted $4.5 billion fighter jet contract to Swedish manufacturer Saab.

To be sure, it’s hard to discern how bad the damage to U.S. businesses really is. Some U.S. firms may find it easier to blame the government than to chalk up losses to mismanagement or market forces. And some foreign countries that engage in domestic spying of their own have found that the disclosures provide a politically convenient pretext for targeting the U.S. The report largely takes at face value the claims of losses by U.S. politicians and companies.

The report documents a slew of proposed laws in foreign countries that would make it harder for U.S. firms to do business there. More than a dozen countries, including Germany, Brazil and India, have introduced or are debating rules that would require data to be held on servers in country and would limit the flow of information. Many are citing NSA spying as a reason to expedite these proposals. The European Union has proposed stricter domestic privacy legislation since the revelations. If the law passes — the EU is expected to vote on it next year — the resulting fines and penalties could cost U.S. firms billions of dollars.

On foreign policy, the report finds an erosion of U.S. credibility abroad, particularly as it relates to U.S. promotion of an open Internet. “Concrete evidence of U.S. surveillance has hardened the positions of authoritarian governments pushing for greater national control over the Internet,” the authors wrote. “The moral high ground that the United States relies upon when publicly pressuring authoritarian countries like China, Russia, and Iran to change their behavior has eroded.” Relationships with allies in Europe and Brazil have also weakened, the authors assert.

Beyond injury to the U.S.’s reputation, the report cites widespread damage to its cybersecurity. The NSA spends $250 million a year to develop relationships with companies aimed at weakening IT-security standards, the report says, citing news reports of the Snowden documents. It also alleges that the NSA stockpiles knowledge about corporate security holes rather than reporting them. And it cites allegations from the Snowden documents that the NSA hacks into the systems of U.S. firms, impersonating major companies like Facebook and LinkedIn to redirect traffic to the NSA’s own servers.

In an email, NSA spokeswoman Vanee Vines said, “NSA cannot crack much of the encryption that guards global commerce – and we don’t want to. We focus on using our limited and fragile cryptanalytic capabilities against our nation’s foreign intelligence targets.”

She added: The NSA’s “own reliance on many of the very same technologies that the public uses, the U.S. Government is as concerned as the public is with the security of these products.”